Vssadmin doesn't verify that a drive volume is supported for DiffArea

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Foundation More


On a computer that's running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2, assume that you run the following command to add shadow copy storage association for a specified encrypted volume to another volume:

vssadmin add shadowstorage /for=<source drive> /on=<destination drive> /maxsize=unbounded

Note The <source drive> placeholder represents a data drive that has BitLocker protection enabled. And the <destination drive> placeholder represents a data drive that has BitLocker protection disabled.

This command runs successfully without errors or warnings.

Important This configuration is not-supported.


This is a known issue in vssadmin command syntax. Vssadmin does not call the required function to check whether the volume is supported for shadow copy storage association.


To avoid this unsupported scenario, use the GUI to configure the version of Shadow Copy that appears when you right-click the disk volume icon.

The Volume Shadow Copy Service (VSS) UI calls CVssDiffMgmt::QueryVolumesSupportedForDiffAreas() and checks whether a volume is supported for DiffArea. If a volume for DiffArea is encrypted and it's not the same volume, the volume is not listed in the UI.

More Information

Other unsupported configurations of VSS storage include the following:
  • A nested volume (such as when the physical volume is the previously mounted volume).
  • If the BitLocker-encrypted volume is another volume that's specified as a shadow copy storage area in the source volume.
  • If the sector size of the volume of the VSS storage area is larger than the source volume.